Page MenuHomePhabricator
Create Task
Maniphest T404566

Prepare and check storage layer for tokwiki
Closed, ResolvedPublic
Actions

Description

The new wiki's visibility will be: Public.

Related Objects
Search...

Event Timeline

Maintenance_bot created this task.Sep 15 2025, 9:22 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 15 2025, 9:22 AM
fnegri added a parent task: T404570: [wikireplicas] Create views for new wiki tokwiki.Sep 22 2025, 9:04 AM
FCeratto-WMF changed the task status from Open to In Progress.Sep 22 2025, 9:22 AM
FCeratto-WMF claimed this task.
FCeratto-WMF triaged this task as Medium priority.
FCeratto-WMF moved this task from Triage to In progress on the DBA board.
FCeratto-WMF closed this task as Resolved.Sep 29 2025, 6:32 PM

Preparation completed.

Maintenance_bot moved this task from In progress to Done on the DBA board.Sep 29 2025, 7:29 PM
Stashbot added a comment.Nov 4 2025, 5:24 PM

Mentioned in SAL (#wikimedia-operations) [2025-11-04T17:24:31Z] <fnegri@cumin1003> START - Cookbook sre.wikireplicas.add-wiki for database tokwiki (T404566)

Stashbot added a comment.Nov 4 2025, 5:24 PM

Mentioned in SAL (#wikimedia-operations) [2025-11-04T17:24:40Z] <fnegri@cumin1003> END (PASS) - Cookbook sre.wikireplicas.add-wiki (exit_code=0) for database tokwiki (T404566)

fnegri subscribed.Nov 4 2025, 5:26 PM

I sent the SAL to the wrong task (should have been T404570: [wikireplicas] Create views for new wiki tokwiki), but there is something missing: I'm not finding tokwiki in any section, at least not in the ones that are replicated to wikireplicas.

Marostegui subscribed.Nov 4 2025, 5:59 PM

I don't see any comment of the database being created - Federico maybe you prepared this beforehand when the database wasn't created?
If that's the case we should revert back and remove at least the grants to avoid any possible data leak (which isn't really possible if the aren't any views)
@fnegri you confirm no views are created right?

Marostegui reopened this task as Open.Nov 4 2025, 6:13 PM

Ok so this is wrong and could have potentially resulted in a data leak - fortunately the database wasn't yet created otherwise if the database is created and the views applied before sanitization, we would have exposed data that shouldn't be there.

root@clouddb1020.eqiad.wmnet[(none)]> show grants for labsdbuser;
| GRANT SELECT, SHOW VIEW ON `tokwiki_p`.* TO `labsdbuser`           |
135 rows in set (0.001 sec)

root@clouddb1020.eqiad.wmnet[(none)]> nopager;
PAGER set to stdout
root@clouddb1020.eqiad.wmnet[(none)]> show databases like 'tok%';
Empty set (0.002 sec)

The database is not created so this task needs to be reopened.
For now, I've removed those grants from the clouddb* hosts.

root@clouddb1020.eqiad.wmnet[(none)]> revoke SELECT, SHOW VIEW ON `tokwiki_p`.* from labsdbuser;
Query OK, 0 rows affected (0.002 sec)

root@clouddb1020.eqiad.wmnet[(none)]> pager grep tok
PAGER set to 'grep tok'
root@clouddb1020.eqiad.wmnet[(none)]> show grants for labsdbuser;
134 rows in set (0.001 sec)





root@clouddb1016.eqiad.wmnet[(none)]> pager grep tok
PAGER set to 'grep tok'
root@clouddb1016.eqiad.wmnet[(none)]> show grants for labsdbuser;
| GRANT SELECT, SHOW VIEW ON `tokwiki_p`.* TO `labsdbuser`           |
135 rows in set (0.001 sec)

root@clouddb1016.eqiad.wmnet[(none)]> revoke SELECT, SHOW VIEW ON `tokwiki_p`.* from labsdbuser;
Query OK, 0 rows affected (0.002 sec)

root@clouddb1016.eqiad.wmnet[(none)]> show grants for labsdbuser;
134 rows in set (0.001 sec)







root@an-redacteddb1001.eqiad.wmnet[(none)]> pager grep tok
PAGER set to 'grep tok'
root@an-redacteddb1001.eqiad.wmnet[(none)]> show grants for labsdbuser;
| GRANT SELECT, SHOW VIEW ON `tokwiki_p`.* TO `labsdbuser`           |
135 rows in set (0.002 sec)

root@an-redacteddb1001.eqiad.wmnet[(none)]> revoke SELECT, SHOW VIEW ON `tokwiki_p`.* from labsdbuser;
Query OK, 0 rows affected (0.006 sec)

root@an-redacteddb1001.eqiad.wmnet[(none)]> show grants for labsdbuser;
134 rows in set (0.002 sec)
Marostegui removed FCeratto-WMF as the assignee of this task.Nov 4 2025, 6:13 PM
Marostegui added a subscriber: FCeratto-WMF.

Removing the assignee as we aren't the ones creating wikis.

Marostegui moved this task from Done to Blocked on the DBA board.Nov 4 2025, 6:14 PM
fnegri added a comment.Nov 5 2025, 10:26 AM

@fnegri you confirm no views are created right?

Yes, no views were created for tokwiki because the db was not found.

fnegri mentioned this in T404570: [wikireplicas] Create views for new wiki tokwiki.Nov 5 2025, 10:28 AM
taavi subscribed.Nov 26 2025, 4:28 PM

Wiki has been created.

ops-monitoring-bot added a comment.Nov 27 2025, 6:11 AM

Section s5: Wikis tokwiki redacted - marostegui@cumin1003

ops-monitoring-bot added a comment.Nov 27 2025, 6:21 AM

Section s5: Wikis tokwiki set up on clouddb - marostegui@cumin1003

Marostegui closed this task as Resolved.Nov 27 2025, 6:22 AM
Marostegui claimed this task.

All sanitized.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits